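function Import-PfxCertificateWithPermissions {
<#
.SYNOPSIS
Import a PFX certificate with appropriate user permissions without needing the folder structure as specified in Import-Certificates.
.DESCRIPTION
Stages a copy of the PFX in a freshly created, GUID-named directory under the caller's %TEMP% laid out the way
Import-Certificates expects (<temp>\<guid>\Personal\<file>.pfx), hands the import and the private-key ACL grants
off to Import-Certificates, and removes the staging directory afterwards whether or not the import succeeded.
.PARAMETER ImportPassword
The password used to import the certificate. NOTE: this is a plain [string], so the value is visible in command
history, transcripts and any ScriptBlock/module logging that captures arguments; pass it from a variable rather
than a literal where possible. It is forwarded unchanged to Import-Certificates (whose parameter type is not
visible from this file), so the type cannot be tightened here without also changing that function.
.PARAMETER PathToPfxCertificate
The path to a specified PFX file. Must end in .pfx (the -Like check is case-insensitive) and must resolve to an
existing file reachable from this server. The value is treated literally; characters such as [ ] * ? are not
expanded as wildcards.
.PARAMETER UsersWhoNeedRights
Optional list of users to grant rights for certificates which have private keys. If not supplied, then the resulting Import-Certificates call will assign the default users
.OUTPUTS
System.String. The staging directory that was used. By the time it is returned the directory has already been
removed, so the value is informational (e.g. for correlating with the log lines) and must not be used as a path.
Nothing is returned when input validation fails; those cases surface via Write-Error only.
.EXAMPLE
Import-PfxCertificateWithPermissions -ImportPassword 'PASSWORD_GOES_HERE' -PathToPfxCertificate "\\10.0.16.67\c`$\temp\mccu.com.pfx"
[Import-PfxCertificateWithPermissions] : Copied cert to C:\Users\ccoane\AppData\Local\Temp\2\904bf9e6-4be5-4b8e-805b-03817b6dd198\Personal
Importing Personal Certs
Validating certificate mccu.com.pfx
Certificate mccu.com.pfx Passed Validation
Granting fh\dev.dbms$ rights to PK for certificate
Granting fh\dev.micro$ rights to PK for certificate
Granting FH\dev.micro$ rights to PK for certificate
Granting fh\dev.nag$ rights to PK for certificate
Granting fh\dev.radium$ rights to PK for certificate
Granting iis_iusrs rights to PK for certificate
[Import-PfxCertificateWithPermissions] : Removed temporary directory C:\Users\ccoane\AppData\Local\Temp\2\904bf9e6-4be5-4b8e-805b-03817b6dd198
.EXAMPLE
# If you need to make a modification to the default user list used by Import-Certificates e.g. PFX also requires access granted to fh\xxxx.bank$
$SecurityGroup = Get-AppSetting -appSettingKey "Environment.UserPrefix"
Import-PfxCertificateWithPermissions -ImportPassword 'PASSWORD_GOES_HERE' -PathToPfxCertificate "\\10.0.16.67\c`$\temp\mccu.com.pfx" -UsersWhoNeedRights @("iis_iusrs", "fh\$SecurityGroup.radium$", "fh\$SecurityGroup.nag$", "fh\$SecurityGroup.dbms$", "fh\$SecurityGroup.micro$", "fh\$SecurityGroup.bank$")
[Import-PfxCertificateWithPermissions] : Copied cert to C:\Users\ccoane\AppData\Local\Temp\2\a7ad2893-884b-4604-bed2-2c2d6bd597da\Personal
Importing Personal Certs
Validating certificate mccu.com.pfx
Certificate mccu.com.pfx Passed Validation
Granting fh\dev.bank$ rights to PK for certificate
Granting fh\dev.dbms$ rights to PK for certificate
Granting FH\dev.micro$ rights to PK for certificate
Granting fh\dev.micro$ rights to PK for certificate
Granting fh\dev.nag$ rights to PK for certificate
Granting fh\dev.radium$ rights to PK for certificate
Granting iis_iusrs rights to PK for certificate
[Import-PfxCertificateWithPermissions] : Removed temporary directory C:\Users\ccoane\AppData\Local\Temp\2\a7ad2893-884b-4604-bed2-2c2d6bd597da
#>
    [CmdletBinding()]
    Param(
        [parameter(Mandatory=$true)]
        [string]$ImportPassword,
        [Parameter(Mandatory=$true)]
        [string]$PathToPfxCertificate,
        [Parameter(Mandatory=$false)]
        [string[]]$UsersWhoNeedRights
    )

    $logLead = (Get-LogLeadName)

    # Verify Pfx is valid and exists/accessible
    if (!($PathToPfxCertificate -Like "*.pfx")) {
        Write-Error "$logLead : This function is expecting a certificate with a .pfx extension as the value for `$PathToPfxCertificate. Provided value is: $PathToPfxCertificate"
        return
    }

    # -LiteralPath so a path containing [ ] * ? is checked as-is instead of being expanded as a wildcard pattern;
    # -PathType Leaf so a *directory* that happens to be named *.pfx is rejected rather than silently "copied".
    if (!(Test-Path -LiteralPath $PathToPfxCertificate -PathType Leaf)) {
        Write-Error "$logLead : Unable to reach the specified file from this server. Verify the path is correct and accessible to this server. Provided value is: $PathToPfxCertificate"
        return
    }

    # Declared outside the try so the finally block can safely test it even if Join-Path itself throws
    # (e.g. $Env:Temp unset), instead of handing a $null path to Test-Path.
    $randomPath = $null

    try {
        # GUID-named folder under the caller's temp dir: the name is unpredictable and %TEMP% is ACL'd to the
        # current user, so the staged PFX (which carries the private key) is not exposed to other local users.
        $randomPath = Join-Path $Env:Temp $(New-Guid)

        # Import-Certificates expects <importPath>\Personal\<cert>.pfx, so build exactly that layout.
        $tempFolderPersonalPath = New-Item -Path $randomPath -ItemType Directory -Name "Personal" -Force
        Copy-Item -LiteralPath $PathToPfxCertificate -Destination $tempFolderPersonalPath
        Write-Host "$logLead : Copied cert to $tempFolderPersonalPath"

        # Only forward -usersWhoNeedRights when the caller supplied one, so Import-Certificates keeps its own
        # default user list otherwise (an explicit empty array would mean something different to it).
        if ($UsersWhoNeedRights) {
            Import-Certificates -importPassword $ImportPassword -importPath $randomPath -usersWhoNeedRights $UsersWhoNeedRights
        } else {
            Import-Certificates -importPassword $ImportPassword -importPath $randomPath
        }
    } catch {
        Write-Error "$logLead : $_"
    } finally {
        # Always remove the staged copy of the PFX, on success and on failure alike.
        # NOTE: this is an ordinary delete, not a secure wipe of the private key material.
        if ($randomPath -and (Test-Path -LiteralPath $randomPath)) {
            Remove-Item -LiteralPath $randomPath -Recurse -Force
            Write-Host "$logLead : Removed temporary directory $randomPath"
        }
    }

    # Kept for backward compatibility with existing callers; the directory no longer exists at this point.
    return $randomPath
}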